Red Hat OpenStack Platform 11 Configuration Reference · Red Hat OpenStack Platform 11...

Red Hat OpenStack Platform 11

Configuration Reference

Configuring Red Hat OpenStack Platform environments

Last Updated: 2017-11-09

Red Hat OpenStack Platform 11 Configuration Reference

Configuring Red Hat OpenStack Platform environments

OpenStack [email protected]

Legal Notice

Copyright 2017 Red Hat, Inc.

The text of and illustrations in this document are licensed by Red Hat under a Creative CommonsAttributionShare Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA isavailable athttp://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you mustprovide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinitylogo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and othercountries.

Linux is the registered trademark of Linus Torvalds in the United States and other countries.

Java is a registered trademark of Oracle and/or its affiliates.

XFS is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United Statesand/or other countries.

MySQL is a registered trademark of MySQL AB in the United States, the European Union andother countries.

Node.js is an official trademark of Joyent. Red Hat Software Collections is not formally related toor endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack Word Mark and OpenStack logo are either registered trademarks/service marksor trademarks/service marks of the OpenStack Foundation, in the United States and other countriesand are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed orsponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.

Abstract

This document is for system administrators who want to look up configuration options. It containslists of configuration options available with OpenStack and uses auto-generation to generateoptions and the descriptions from the code for each project.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Table of Contents

CHAPTER 1. COMMON CONFIGURATIONS1.1. COMMON CONFIGURATION OPTIONS

1.1.1. Description of Configuration Options

CHAPTER 2. BARE METAL2.1. BARE METAL CONFIGURATION OPTIONS

2.1.1. Description of Configuration Options2.1.2. New, updated, and deprecated options in Ocata for Bare Metal service

CHAPTER 3. BLOCK STORAGE3.1. BLOCK STORAGE CONFIGURATION OPTIONS

3.1.1. Description of Configuration Options3.1.2. New, updated, and deprecated options in Ocata for Block Storage

CHAPTER 4. COMPUTE4.1. COMPUTE CONFIGURATION OPTIONS

4.1.1. Description of Configuration Options4.1.2. New, updated, and deprecated options in Ocata for Compute

CHAPTER 5. DATA PROCESSING SERVICE5.1. DATA PROCESSING CONFIGURATION OPTIONS

5.1.1. Description of Configuration Options5.1.2. New, updated, and deprecated options in Ocata for Data Processing service

CHAPTER 6. IDENTITY SERVICE6.1. IDENTITY SERVICE CONFIGURATION OPTIONS

6.1.1. Identity Service Configuration File6.1.2. Description of Configuration Options6.1.3. New, updated, and deprecated options in Ocata for Identity service

CHAPTER 7. IMAGE SERVICE7.1. IMAGE SERVICE CONFIGURATION OPTIONS

7.1.1. Description of Configuration Options7.1.2. New, updated, and deprecated options in Ocata for Image service

CHAPTER 8. NETWORKING8.1. NETWORKING CONFIGURATION OPTIONS

8.1.1. Description of Configuration Options8.1.2. New, updated, and deprecated options in Ocata for Networking

CHAPTER 9. ORCHESTRATION9.1. ORCHESTRATION CONFIGURATION OPTIONS

9.1.1. Description of Configuration Options9.1.2. New, updated, and deprecated options in Ocata for Orchestration

CHAPTER 10. SHARED FILE SYSTEMS10.1. SHARED STORAGE CONFIGURATION OPTIONS

10.1.1. Description of Configuration Options10.1.2. New, updated, and deprecated options in Ocata for Shared File Systems service

CHAPTER 11. TELEMETRY11.1. TELEMETRY CONFIGURATION OPTIONS

11.1.1. Description of Configuration Options11.1.2. New, updated, and deprecated options in Ocata for Telemetry

444

16161648

565656

117

124124124301

331331331339

341341341341376

379379379451

452452452480

484484484508

510510510539

543543543552

Table of Contents

1

11.2. TELEMETRY ALARMING CONFIGURATION OPTIONS11.2.1. Description of Configuration Options11.2.2. New, updated, and deprecated options in Ocata for Alarming

552552557


2

Table of Contents

3

CHAPTER 1. COMMON CONFIGURATIONSThis chapter describes the common configurations for shared service and libraries.

1.1. COMMON CONFIGURATION OPTIONS


The following tables provide a comprehensive list of the common configuration options.

Table 1.1. Description of AMQP configuration options

Configuration option = Default value Description

[DEFAULT]

control_exchange = openstack (String) The default exchange under which topics arescoped. May be overridden by an exchange namespecified in the transport_url option.

default_publisher_id = None (String) Default publisher_id for outgoing notifications

transport_url = None (String) A URL representing the messaging driver touse and its full configuration. If not set, we fall backto the rpc_backend option and driver specificconfiguration.

Table 1.2. Description of authentication configuration options


[DEFAULT]

auth_strategy = keystone (String) This determines the strategy to use forauthentication: keystone or noauth2. 'noauth2' isdesigned for testing only, as it does no actualcredential checking. 'noauth2' provides administrativecredentials only if 'admin' is specified as theusername.

Table 1.3. Description of authorization token configuration options


[keystone_authtoken]

admin_password = None (String) Service user password.


4

admin_tenant_name = admin (String) Service tenant name.

admin_token = None (String) This option is deprecated and may beremoved in a future release. Single shared secretwith the Keystone configuration used forbootstrapping a Keystone installation, or otherwisebypassing the normal authentication process. Thisoption should not be used, use admin_user andadmin_password instead.

admin_user = None (String) Service username.

auth_admin_prefix = (String) Prefix to prepend at the beginning of thepath. Deprecated, use identity_uri.

auth_host = 127.0.0.1 (String) Host providing the admin Identity APIendpoint. Deprecated, use identity_uri.

auth_port = 35357 (Integer) Port of the admin Identity API endpoint.Deprecated, use identity_uri.

auth_protocol = https (String) Protocol of the admin Identity API endpoint.Deprecated, use identity_uri.

auth_section = None (Unknown) Config Section from which to load pluginspecific options

auth_type = None (Unknown) Authentication type to load

auth_uri = None (String) Complete "public" Identity API endpoint. Thisendpoint should not be an "admin" endpoint, as itshould be accessible by all end users.Unauthenticated clients are redirected to thisendpoint to authenticate. Although this endpointshould ideally be unversioned, client support in thewild varies. If youre using a versioned v2 endpointhere, then this should not be the same endpoint theservice user utilizes for validating tokens, becausenormal end users may not be able to reach thatendpoint.

auth_version = None (String) API version of the admin Identity APIendpoint.


CHAPTER 1. COMMON CONFIGURATIONS

5

cache = None (String) Request environment key where the Swiftcache object is stored. When auth_token middlewareis deployed with a Swift cache, use this option to havethe middleware share a caching backend with swift.Otherwise, use the memcached_servers optioninstead.

cafile = None (String) A PEM encoded Certificate Authority to usewhen verifying HTTPs connections. Defaults tosystem CAs.

certfile = None (String) Required if identity server requires clientcertificate

check_revocations_for_cached = False (Boolean) If true, the revocation list will be checkedfor cached tokens. This requires that PKI tokens areconfigured on the identity server.

delay_auth_decision = False (Boolean) Do not handle authorization requestswithin the middleware, but delegate the authorizationdecision to downstream WSGI components.

enforce_token_bind = permissive (String) Used to control the use and type of tokenbinding. Can be set to: "disabled" to not check tokenbinding. "permissive" (default) to validate bindinginformation if the bind type is of a form known to theserver and ignore it if not. "strict" like "permissive" butif the bind type is unknown the token will be rejected."required" any form of token binding is needed to beallowed. Finally the name of a binding method thatmust be present in tokens.

hash_algorithms = md5 (List) Hash algorithms to use for hashing PKI tokens.This may be a single algorithm or multiple. Thealgorithms are those supported by Python standardhashlib.new(). The hashes will be tried in the ordergiven, so put the preferred one first for performance.The result of the first hash will be stored in the cache.This will typically be set to multiple values only whilemigrating from a less secure algorithm to a moresecure one. Once all the old tokens are expired thisoption should be set to a single value for betterperformance.

http_connect_timeout = None (Integer) Request timeout value for communicatingwith Identity API server.

http_request_max_retries = 3 (Integer) How many times are we trying to reconnectwhen communicating with Identity API Server.



6

identity_uri = None (String) Complete admin Identity API endpoint. Thisshould specify the unversioned root endpoint e.g.https://localhost:35357/

include_service_catalog = True (Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will notask for service catalog on token validation and willnot set the X-Service-Catalog header.

insecure = False (Boolean) Verify HTTPS connections.

keyfile = None (String) Required if identity server requires clientcertificate

memcache_pool_conn_get_timeout = 10 (Integer) (Optional) Number of seconds that anoperation will wait to get a memcached clientconnection from the pool.

memcache_pool_dead_retry = 300 (Integer) (Optional) Number of seconds memcachedserver is considered dead before it is tried again.

memcache_pool_maxsize = 10 (Integer) (Optional) Maximum total number of openconnections to every memcached server.

memcache_pool_socket_timeout = 3 (Integer) (Optional) Socket timeout in seconds forcommunicating with a memcached server.

memcache_pool_unused_timeout = 60 (Integer) (Optional) Number of seconds a connectionto memcached is held unused in the pool before it isclosed.

memcache_secret_key = None (String) (Optional, mandatory ifmemcache_security_strategy is defined) This stringis used for key derivation.

memcache_security_strategy = None (String) (Optional) If defined, indicate whether tokendata should be authenticated or authenticated andencrypted. If MAC, token data is authenticated (withHMAC) in the cache. If ENCRYPT, token data isencrypted and authenticated in the cache. If thevalue is not one of these options or empty,auth_token will raise an exception on initialization.

memcache_use_advanced_pool = False (Boolean) (Optional) Use the advanced (eventletsafe) memcached client pool. The advanced pool willonly work under python 2.x.



7

https://localhost:35357/

memcached_servers = None (List) Optionally specify a list of memcached server(s)to use for caching. If left undefined, tokens willinstead be cached in-process.

region_name = None (String) The region in which the identity server canbe found.

revocation_cache_time = 10 (Integer) Determines the frequency at which the listof revoked tokens is retrieved from the Identityservice (in seconds). A high number of revocationevents combined with a low cache duration maysignificantly reduce performance. Only valid for PKItokens.

signing_dir = None (String) Directory used to cache files related to PKItokens.

token_cache_time = 300 (Integer) In order to prevent excessive effort spentvalidating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds).Set to -1 to disable caching completely.


Table 1.4. Description of database configuration options


[DEFAULT]

db_driver = SERVICE.db (String) DEPRECATED: The driver to use fordatabase access

[database]

backend = sqlalchemy (String) The back end to use for the database.

connection = None (String) The SQLAlchemy connection string to use toconnect to the database.

connection_debug = 0 (Integer) Verbosity of SQL debugging information:0=None, 100=Everything.

connection_trace = False (Boolean) Add Python stack traces to SQL ascomment strings.


8

db_inc_retry_interval = True (Boolean) If True, increases the interval betweenretries of a database operation up todb_max_retry_interval.

db_max_retries = 20 (Integer) Maximum retries in case of connection erroror deadlock error before error is raised. Set to -1 tospecify an infinite retry count.

db_max_retry_interval = 10 (Integer) If db_inc_retry_interval is set, the maximumseconds between retries of a database operation.

db_retry_interval = 1 (Integer) Seconds between retries of a databasetransaction.

idle_timeout = 3600 (Integer) Timeout before idle SQL connections arereaped.

max_overflow = 50 (Integer) If set, use this value for max_overflow withSQLAlchemy.

max_pool_size = None (Integer) Maximum number of SQL connections tokeep open in a pool.

max_retries = 10 (Integer) Maximum number of database connectionretries during startup. Set to -1 to specify an infiniteretry count.

min_pool_size = 1 (Integer) Minimum number of SQL connections tokeep open in a pool.

mysql_sql_mode = TRADITIONAL (String) The SQL mode to be used for MySQLsessions. This option, including the default, overridesany server-set SQL mode. To use whatever SQLmode is set by the server configuration, set this to novalue. Example: mysql_sql_mode=

pool_timeout = None (Integer) If set, use this value for pool_timeout withSQLAlchemy.

retry_interval = 10 (Integer) Interval between retries of opening a SQLconnection.

slave_connection = None (String) The SQLAlchemy connection string to use toconnect to the slave database.



9

sqlite_db = oslo.sqlite (String) The file name to use with SQLite.

sqlite_synchronous = True (Boolean) If True, SQLite uses synchronous mode.

use_db_reconnect = False (Boolean) Enable the experimental use of databasereconnect on connection lost.

use_tpool = False (Boolean) Enable the experimental use of threadpooling for all DB API calls


Table 1.5. Description of common logging configuration options


[DEFAULT]

debug = False (Boolean) If set to true, the logging level will be set toDEBUG instead of the default INFO level.

default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, requests.packages.urllib3.util.retry=WARN, urllib3.util.retry=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN, taskflow=WARN, keystoneauth=WARN, oslo.cache=INFO, dogpile.core.dogpile=INFO

(List) List of package logging levels in logger=LEVELpairs. This option is ignored if log_config_append isset.

fatal_deprecations = False (Boolean) Enables or disables fatal status ofdeprecations.

fatal_exception_format_errors = False (Boolean) Make exception message format errorsfatal

instance_format = "[instance: %(uuid)s] " (String) The format for an instance that is passed withthe log message.

instance_uuid_format = "[instance: %(uuid)s] "

(String) The format for an instance UUID that ispassed with the log message.


10

log_config_append = None (String) The name of a logging configuration file. Thisfile is appended to any existing logging configurationfiles. For details about logging configuration files, seethe Python logging module documentation. Note thatwhen logging configuration files are used then alllogging configuration is set in the configuration fileand other logging configuration options are ignored(for example, logging_context_format_string).

log_date_format = %Y-%m-%d %H:%M:%S (String) Defines the format string for %%(asctime)s inlog records. Default: %(default)s . This option isignored if log_config_append is set.

log_dir = None (String) (Optional) The base directory used forrelative log_file paths. This option is ignored iflog_config_append is set.

log_file = None (String) (Optional) Name of log file to send loggingoutput to. If no default is set, logging will go to stderras defined by use_stderr. This option is ignored iflog_config_append is set.

logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

(String) Format string to use for log messages withcontext.

logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

(String) Additional data to append to log messagewhen logging level for the message is DEBUG.

logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

(String) Format string to use for log messages whencontext is undefined.

logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

(String) Prefix each line of exception output with thisformat.

logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

(String) Defines the format string for %(user_identity)s that is used inlogging_context_format_string.

publish_errors = False (Boolean) Enables or disables publication of errorevents.



11

syslog_log_facility = LOG_USER (String) Syslog facility to receive log lines. This optionis ignored if log_config_append is set.

use_stderr = True (Boolean) Log output to standard error. This option isignored if log_config_append is set.

use_syslog = False (Boolean) Use syslog for logging. Existing syslogformat is DEPRECATED and will be changed later tohonor RFC5424. This option is ignored iflog_config_append is set.

verbose = True (Boolean) DEPRECATED: If set to false, the logginglevel will be set to WARNING instead of the defaultINFO level.

watch_log_file = False (Boolean) Uses logging handler designed to watchfile system. When log file is moved or removed thishandler will open a new log file with specified pathinstantaneously. It makes sense only if log_file optionis specified and Linux platform is used. This option isignored if log_config_append is set.


Table 1.6. Description of policy configuration options


[oslo_policy]

policy_default_rule = default (String) Default rule. Enforced when a requested ruleis not found.

policy_dirs = ['policy.d'] (Multi-valued) Directories where policy configurationfiles are stored. They can be relative to any directoryin the search path defined by the config_dir option, orabsolute paths. The file defined by policy_file mustexist for these directories to be searched. Missing orempty directories are ignored.

policy_file = policy.json (String) The JSON file that defines policies.

Table 1.7. Description of RPC configuration options


[DEFAULT]


12

notification_format = both (String) Specifies which notification format shall beused by nova.

rpc_backend = rabbit (String) The messaging driver to use, defaults torabbit. Other drivers include amqp and zmq.

rpc_cast_timeout = -1 (Integer) Seconds to wait before a cast expires (TTL).The default value of -1 specifies an infinite lingerperiod. The value of 0 specifies no linger period.Pending messages shall be discarded immediatelywhen the socket is closed. Only supported byimpl_zmq.

rpc_conn_pool_size = 30 (Integer) Size of RPC connection pool.

rpc_poll_timeout = 1 (Integer) The default number of seconds that pollshould wait. Poll raises timeout exception whentimeout expired.

rpc_response_timeout = 60 (Integer) Seconds to wait for a response from a call.

[cells]

rpc_driver_queue_base = cells.intercell (String) RPC driver queue base When sending amessage to another cell by JSON-ifying the messageand making an RPC cast to 'process_message', abase queue is used. This option defines the basequeue name to be used when communicatingbetween cells. Various topics by message type willbe appended to this.

Possible values: * The base queue name to be usedwhen communicating between cells. Services whichconsume this: * nova-cells

Related options: * None

[oslo_concurrency]

disable_process_locking = False (Boolean) Enables or disables inter-process locks.

lock_path = None (String) Directory to use for lock files. For security,the specified directory should only be writable by theuser running the processes that need locking.Defaults to environment variableOSLO_LOCK_PATH. If external locks are used, alock path must be set.



13

[oslo_messaging]

event_stream_topic = neutron_lbaas_event (String) topic name for receiving events from a queue

[oslo_messaging_amqp]

allow_insecure_clients = False (Boolean) Accept clients using either SSL or plainTCP

broadcast_prefix = broadcast (String) address prefix used when broadcasting to allservers

container_name = None (String) Name for the AMQP container

group_request_prefix = unicast (String) address prefix when sending to any server ingroup

idle_timeout = 0 (Integer) Timeout for inactive connections (inseconds)

password = (String) Password for message broker authentication

sasl_config_dir = (String) Path to directory that contains the SASLconfiguration

sasl_config_name = (String) Name of configuration file (without .confsuffix)

sasl_mechanisms = (String) Space separated list of acceptable SASLmechanisms

server_request_prefix = exclusive (String) address prefix used when sending to aspecific server

ssl_ca_file = (String) CA certificate PEM file to verify servercertificate

ssl_cert_file = (String) Identifying certificate PEM file to present toclients

ssl_key_file = (String) Private key PEM file used to sign cert_filecertificate

ssl_key_password = None (String) Password for decrypting ssl_key_file (ifencrypted)



14

trace = False (Boolean) Debug: dump AMQP frames to stdout

username = (String) User name for message brokerauthentication

[oslo_messaging_notifications]

driver = [] (Multi-valued) The Drivers(s) to handle sendingnotifications. Possible values are messaging,messagingv2, routing, log, test, noop

topics = notifications (List) AMQP topic used for OpenStack notifications.

transport_url = None (String) A URL representing the messaging driver touse for notifications. If not set, we fall back to thesame configuration used for RPC.

[upgrade_levels]

baseapi = None (String) Set a version cap for messages sent to thebase api in any service



15

CHAPTER 2. BARE METALThe Bare metal service is capable of managing and provisioning physical machines. The configurationfile of this module is /etc/ironic/ironic.conf.

2.1. BARE METAL CONFIGURATION OPTIONS

NOTE

The common configurations for shared services and libraries, such as databaseconnections and RPC messaging, are described at Common configurations.


The following tables provide a comprehensive list of the Bare metal service configuration options.

Table 2.1. Description of agent configuration options


[agent]

agent_api_version = v1 (String) API version to use for communicating withthe ramdisk agent.

deploy_logs_collect = on_failure (String) Whether Ironic should collect the deploymentlogs on deployment failure (on_failure), always ornever.

deploy_logs_local_path = /var/log/ironic/deploy

(String) The path to the directory where the logsshould be stored, used when thedeploy_logs_storage_backend is configured to"local".

deploy_logs_storage_backend = local (String) The name of the storage backend where thelogs will be stored.

deploy_logs_swift_container = ironic_deploy_logs_container

(String) The name of the Swift container to store thelogs, used when the deploy_logs_storage_backend isconfigured to "swift".

deploy_logs_swift_days_to_expire = 30 (Integer) Number of days before a log object ismarked as expired in Swift. If None, the logs will bekept forever or until manually deleted. Used when thedeploy_logs_storage_backend is configured to"swift".

manage_agent_boot = True (Boolean) Whether Ironic will manage booting of theagent ramdisk. If set to False, you will need toconfigure your mechanism to allow booting the agentramdisk.


16

memory_consumed_by_agent = 0 (Integer) The memory size in MiB consumed byagent when it is booted on a bare metal node. This isused for checking if the image can be downloadedand deployed on the bare metal node after bootingagent ramdisk. This may be set according to thememory consumed by the agent ramdisk image.

post_deploy_get_power_state_retries = 6 (Integer) Number of times to retry getting power stateto check if bare metal node has been powered offafter a soft power off.

post_deploy_get_power_state_retry_interval= 5

(Integer) Amount of time (in seconds) to wait betweenpolling power state after trigger soft poweroff.

stream_raw_images = True (Boolean) Whether the agent ramdisk should streamraw images directly onto the disk or not. By streamingraw images directly onto the disk the agent ramdiskwill not spend time copying the image to a tmpfspartition (therefore consuming less memory) prior towriting it to the disk. Unless the disk where the imagewill be copied to is really slow, this option should beset to True. Defaults to True.


Table 2.2. Description of AMT configuration options


[amt]

action_wait = 10 (Integer) Amount of time (in seconds) to wait, beforeretrying an AMT operation

awake_interval = 60 (Integer) Time interval (in seconds) for successiveawake call to AMT interface, this depends on theIdleTimeout setting on AMT interface. AMT Interfacewill go to sleep after 60 seconds of inactivity bydefault. IdleTimeout=0 means AMT will not go tosleep at all. Setting awake_interval=0 will disableawake call.

max_attempts = 3 (Integer) Maximum number of times to attempt anAMT operation, before failing

protocol = http (String) Protocol used for AMT endpoint

Table 2.3. Description of API configuration options

CHAPTER 2. BARE METAL

17


[api]

api_workers = None (Integer) Number of workers for OpenStack Ironic APIservice. The default is equal to the number of CPUsavailable if that can be determined, else a defaultworker count of 1 is returned.

enable_ssl_api = False (Boolean) Enable the integrated stand-alone API toservice requests via HTTPS instead of HTTP. If thereis a front-end service performing HTTPS offloadingfrom the service, this option should be False; note,you will want to change public API endpoint torepresent SSL termination URL with 'public_endpoint'option.

host_ip = 0.0.0.0 (String) The IP address on which ironic-api listens.

max_limit = 1000 (Integer) The maximum number of items returned ina single response from a collection resource.

port = 6385 (Port number) The TCP port on which ironic-apilistens.

public_endpoint = None (String) Public URL to use when building the links tothe API resources (for example,"https://ironic.rocks:6384"). If None the links will bebuilt using the requests host URL. If the API isoperating behind a proxy, you will want to changethis to represent the proxys URL. Defaults to None.

ramdisk_heartbeat_timeout = 300 (Integer) Maximum interval (in seconds) for agentheartbeats.

restrict_lookup = True (Boolean) Whether to restrict the lookup API to onlynodes in certain states.

[oslo_middleware]

enable_proxy_headers_parsing = False (Boolean) Whether the application is behind a proxyor not. This determines if the middleware shouldparse the headers or not.

max_request_body_size = 114688 (Integer) The maximum body size for each request, inbytes.


18

https://ironic.rocks:6384

secure_proxy_ssl_header = X-Forwarded-Proto

(String) DEPRECATED: The HTTP Header that willbe used to determine what the original requestprotocol scheme was, even if it was hidden by a SSLtermination proxy.

[oslo_versionedobjects]

fatal_exception_format_errors = False (Boolean) Make exception message format errorsfatal


Table 2.4. Description of audit configuration options


[audit]

audit_map_file = /etc/ironic/api_audit_map.conf

(String) Path to audit map file for ironic-api service.Used only when API audit is enabled.

enabled = False (Boolean) Enable auditing of API requests (for ironic-api service).

ignore_req_list = (String) Comma separated list of Ironic REST APIHTTP methods to be ignored during audit logging.For example: auditing will not be done on any GET orPOST requests if this is set to "GET,POST". It is usedonly when API audit is enabled.

namespace = openstack (String) namespace prefix for generated id

[audit_middleware_notifications]

driver = None (String) The Driver to handle sending notifications.Possible values are messaging, messagingv2,routing, log, test, noop. If not specified, then valuefrom oslo_messaging_notifications conf section isused.

topics = None (List) List of AMQP topics used for OpenStacknotifications. If not specified, then value fromoslo_messaging_notifications conf section is used.

transport_url = None (String) A URL representing messaging driver to usefor notification. If not specified, we fall back to thesame configuration used for RPC.


19

Table 2.5. Description of Cisco UCS configuration options


[cimc]

action_interval = 10 (Integer) Amount of time in seconds to wait inbetween power operations

max_retry = 6 (Integer) Number of times a power operation needs tobe retried

[cisco_ucs]

action_interval = 5 (Integer) Amount of time in seconds to wait inbetween power operations

max_retry = 6 (Integer) Number of times a power operation needs tobe retried

Table 2.6. Description of common configuration options


[DEFAULT]

bindir = /usr/local/bin (String) Directory where ironic binaries are installed.

debug_tracebacks_in_api = False (Boolean) Return server tracebacks in the APIresponse for any error responses. WARNING: this isinsecure and should not be used in a productionenvironment.

default_boot_interface = None (String) Default boot interface to be used for nodesthat do not have boot_interface field set. A completelist of boot interfaces present on your system may befound by enumerating the"ironic.hardware.interfaces.boot" entrypoint.

default_console_interface = None (String) Default console interface to be used fornodes that do not have console_interface field set. Acomplete list of console interfaces present on yoursystem may be found by enumerating the"ironic.hardware.interfaces.console" entrypoint.

default_deploy_interface = None (String) Default deploy interface to be used for nodesthat do not have deploy_interface field set. Acomplete list of deploy interfaces present on yoursystem may be found by enumerating the"ironic.hardware.interfaces.deploy" entrypoint.


20

default_inspect_interface = None (String) Default inspect interface to be used for nodesthat do not have inspect_interface field set. Acomplete list of inspect interfaces present on yoursystem may be found by enumerating the"ironic.hardware.interfaces.inspect" entrypoint.

default_management_interface = None (String) Default management interface to be used fornodes that do not have management_interface fieldset. A complete list of management interfaces presenton your system may be found by enumerating the"ironic.hardware.interfaces.management" entrypoint.

default_network_interface = None (String) Default network interface to be used fornodes that do not have network_interface field set. Acomplete list of network interfaces present on yoursystem may be found by enumerating the"ironic.hardware.interfaces.network" entrypoint.

default_portgroup_mode = active-backup (String) Default mode for portgroups. Allowed valuescan be found in the linux kernel documentation onbonding:https://www.kernel.org/doc/Documentation/networking/bonding.txt.

default_power_interface = None (String) Default power interface to be used for nodesthat do not have power_interface field set. Acomplete list of power interfaces present on yoursystem may be found by enumerating the"ironic.hardware.interfaces.power" entrypoint.

default_raid_interface = None (String) Default raid interface to be used for nodesthat do not have raid_interface field set. A completelist of raid interfaces present on your system may befound by enumerating the"ironic.hardware.interfaces.raid" entrypoint.

default_vendor_interface = None (String) Default vendor interface to be used for nodesthat do not have vendor_interface field set. Acomplete list of vendor interfaces present on yoursystem may be found by enumerating the"ironic.hardware.interfaces.vendor" entrypoint.



21

https://www.kernel.org/doc/Documentation/networking/bonding.txt

enabled_boot_interfaces = pxe (List) Specify the list of boot interfaces to load duringservice initialization. Missing boot interfaces, or bootinterfaces which fail to initialize, will prevent theironic-conductor service from starting. At least oneboot interface that is supported by each enabledhardware type must be enabled here, or the ironic-conductor service will not start. Must not be an emptylist. The default value is a recommended set ofproduction-oriented boot interfaces. A complete list ofboot interfaces present on your system may be foundby enumerating the "ironic.hardware.interfaces.boot"entrypoint. When setting this value, please make surethat every enabled hardware type will have the sameset of enabled boot interfaces on every ironic-conductor service.

enabled_console_interfaces = no-console (List) Specify the list of console interfaces to loadduring service initialization. Missing consoleinterfaces, or console interfaces which fail to initialize,will prevent the ironic-conductor service from starting.At least one console interface that is supported byeach enabled hardware type must be enabled here,or the ironic-conductor service will not start. Must notbe an empty list. The default value is arecommended set of production-oriented consoleinterfaces. A complete list of console interfacespresent on your system may be found byenumerating the "ironic.hardware.interfaces.console"entrypoint. When setting this value, please make surethat every enabled hardware type will have the sameset of enabled console interfaces on every ironic-conductor service.

enabled_deploy_interfaces = iscsi, direct (List) Specify the list of deploy interfaces to loadduring service initialization. Missing deploy interfaces,or deploy interfaces which fail to initialize, will preventthe ironic-conductor service from starting. At leastone deploy interface that is supported by eachenabled hardware type must be enabled here, or theironic-conductor service will not start. Must not be anempty list. The default value is a recommended set ofproduction-oriented deploy interfaces. A complete listof deploy interfaces present on your system may befound by enumerating the"ironic.hardware.interfaces.deploy" entrypoint. Whensetting this value, please make sure that everyenabled hardware type will have the same set ofenabled deploy interfaces on every ironic-conductorservice.



22

enabled_drivers = pxe_ipmitool (List) Specify the list of drivers to load during serviceinitialization. Missing drivers, or drivers which fail toinitialize, will prevent the conductor service fromstarting. The option default is a recommended set ofproduction-oriented drivers. A complete list of driverspresent on your system may be found byenumerating the "ironic.drivers" entrypoint. Anexample may be found in the developerdocumentation online.

enabled_hardware_types = ipmi (List) Specify the list of hardware types to load duringservice initialization. Missing hardware types, orhardware types which fail to initialize, will prevent theconductor service from starting. This option defaultsto a recommended set of production-orientedhardware types. A complete list of hardware typespresent on your system may be found byenumerating the "ironic.hardware.types" entrypoint.

enabled_inspect_interfaces = no-inspect (List) Specify the list of inspect interfaces to loadduring service initialization. Missing inspectinterfaces, or inspect interfaces which fail to initialize,will prevent the ironic-conductor service from starting.At least one inspect interface that is supported byeach enabled hardware type must be enabled here,or the ironic-conductor service will not start. Must notbe an empty list. The default value is arecommended set of production-oriented inspectinterfaces. A complete list of inspect interfacespresent on your system may be found byenumerating the "ironic.hardware.interfaces.inspect"entrypoint. When setting this value, please make surethat every enabled hardware type will have the sameset of enabled inspect interfaces on every ironic-conductor service.



23

enabled_management_interfaces = ipmitool (List) Specify the list of management interfaces toload during service initialization. Missingmanagement interfaces, or management interfaceswhich fail to initialize, will prevent the ironic-conductor service from starting. At least onemanagement interface that is supported by eachenabled hardware type must be enabled here, or theironic-conductor service will not start. Must not be anempty list. The default value is a recommended set ofproduction-oriented management interfaces. Acomplete list of management interfaces present onyour system may be found by enumerating the"ironic.hardware.interfaces.management" entrypoint.When setting this value, please make sure that everyenabled hardware type will have the same set ofenabled management interfaces on every ironic-conductor service.

enabled_network_interfaces = flat, noop (List) Specify the list of network interfaces to loadduring service initialization. Missing networkinterfaces, or network interfaces which fail toinitialize, will prevent the ironic-conductor servicefrom starting. At least one network interface that issupported by each enabled hardware type must beenabled here, or the ironic-conductor service will notstart. Must not be an empty list. The default value is arecommended set of production-oriented networkinterfaces. A complete list of network interfacespresent on your system may be found byenumerating the "ironic.hardware.interfaces.network"entrypoint. When setting this value, please make surethat every enabled hardware type will have the sameset of enabled network interfaces on every ironic-conductor service.



24

enabled_power_interfaces = ipmitool (List) Specify the list of power interfaces to loadduring service initialization. Missing power interfaces,or power interfaces which fail to initialize, will preventthe ironic-conductor service from starting. At leastone power interface that is supported by eachenabled hardware type must be enabled here, or theironic-conductor service will not start. Must not be anempty list. The default value is a recommended set ofproduction-oriented power interfaces. A complete listof power interfaces present on your system may befound by enumerating the"ironic.hardware.interfaces.power" entrypoint. Whensetting this value, please make sure that everyenabled hardware type will have the same set ofenabled power interfaces on every ironic-conductorservice.

enabled_raid_interfaces = agent, no-raid (List) Specify the list of raid interfaces to load duringservice initialization. Missing raid interfaces, or raidinterfaces which fail to initialize, will prevent theironic-conductor service from starting. At least oneraid interface that is supported by each enabledhardware type must be enabled here, or the ironic-conductor service will not start. Must not be an emptylist. The default value is a recommended set ofproduction-oriented raid interfaces. A complete list ofraid interfaces present on your system may be foundby enumerating the "ironic.hardware.interfaces.raid"entrypoint. When setting this value, please make surethat every enabled hardware type will have the sameset of enabled raid interfaces on every ironic-conductor service.

enabled_storage_interfaces = noop (List) Specify the list of storage interfaces to loadduring service initialization. Missing storageinterfaces, or storage interfaces which fail to initialize,will prevent the ironic-conductor service from starting.At least one storage interface that is supported byeach enabled hardware type must be enabled here,or the ironic-conductor service will not start. Must notbe an empty list. The default value is arecommended set of production-oriented storageinterfaces. A complete list of storage interfacespresent on your system may be found byenumerating the "ironic.hardware.interfaces.storage"entrypoint. When setting this value, please make surethat every enabled hardware type will have the sameset of enabled storage interfaces on every ironic-conductor service.



25

enabled_vendor_interfaces = no-vendor (List) Specify the list of vendor interfaces to loadduring service initialization. Missing vendorinterfaces, or vendor interfaces which fail to initialize,will prevent the ironic-conductor service from starting.At least one vendor interface that is supported byeach enabled hardware type must be enabled here,or the ironic-conductor service will not start. Must notbe an empty list. The default value is arecommended set of production-oriented vendorinterfaces. A complete list of vendor interfacespresent on your system may be found byenumerating the "ironic.hardware.interfaces.vendor"entrypoint. When setting this value, please make surethat every enabled hardware type will have the sameset of enabled vendor interfaces on every ironic-conductor service.

executor_thread_pool_size = 64 (Integer) Size of executor thread pool.

fatal_exception_format_errors = False (Boolean) Used if there is a formatting error whengenerating an exception message (a programmingerror). If True, raise an exception; if False, use theunformatted message.

force_raw_images = True (Boolean) If True, convert backing images to "raw"disk image format.

grub_config_template = $pybasedir/common/grub_conf.template

(String) Template file for grub configuration file.

hash_distribution_replicas = 1 (Integer) [Experimental Feature] Number of hosts tomap onto each hash partition. Setting this to morethan one will cause additional conductor services toprepare deployment environments and potentiallyallow the Ironic cluster to recover more quickly if aconductor instance is terminated.

hash_partition_exponent = 5 (Integer) Exponent to determine number of hashpartitions to use when distributing load acrossconductors. Larger values will result in more evendistribution of load and less load when rebalancingthe ring, but more memory usage. Number ofpartitions per conductor is(2^hash_partition_exponent). This determines thegranularity of rebalancing: given 10 hosts, and anexponent of the 2, there are 40 partitions in the ring.Afew thousand partitions should make rebalancingsmooth in most cases. The default is suitable for upto a few hundred conductors. Configuring for toomany partitions has a negative impact on CPU usage.



26

hash_ring_reset_interval = 180 (Integer) Interval (in seconds) between hash ringresets.

host = localhost (String) Name of this node. This can be an opaqueidentifier. It is not necessarily a hostname, FQDN, orIP address. However, the node name must be validwithin an AMQP key, and if using ZeroMQ, a validhostname, FQDN, or IP address.

isolinux_bin = /usr/lib/syslinux/isolinux.bin (String) Path to isolinux binary file.

isolinux_config_template = $pybasedir/common/isolinux_config.template

(String) Template file for isolinux configuration file.

my_ip = 127.0.0.1 (String) IP address of this host. If unset, willdetermine the IP programmatically. If unable to do so,will use "127.0.0.1".

notification_level = None (String) Specifies the minimum level for which to sendnotifications. If not set, no notifications will be sent.The default is for this option to be unset.

parallel_image_downloads = False (Boolean) Run image downloads and raw formatconversions in parallel.

pybasedir = /usr/lib/python/site-packages/ironic/ironic

(String) Directory where the ironic python module isinstalled.

rootwrap_config = /etc/ironic/rootwrap.conf (String) Path to the rootwrap configuration file to usefor running commands as root.

state_path = $pybasedir (String) Top-level directory for maintaining ironicsstate.

tempdir = /tmp (String) Temporary working directory, default isPython temp dir.

[healthcheck]

backends = (List) Additional backends that can perform healthchecks and report that information back as part of arequest.

detailed = False (Boolean) Show more detailed information as part ofthe response



27

disable_by_file_path = None (String) Check the presence of a file to determine ifan application is running on a port. Used byDisableByFileHealthcheck plugin.

disable_by_file_paths = (List) Check the presence of a file based on a port todetermine if an application is running on a port.Expects a "port:path" list of strings. Used byDisableByFilesPortsHealthcheck plugin.

path = /healthcheck (String) DEPRECATED: The path to respond tohealtcheck requests on.

[ironic_lib]

fatal_exception_format_errors = False (Boolean) Make exception message format errorsfatal.

root_helper = sudo ironic-rootwrap /etc/ironic/rootwrap.conf

(String) Command that is prefixed to commands thatare run as root. If not specified, no commands are runas root.


Table 2.7. Description of conductor configuration options


[conductor]

api_url = None (String) URL of Ironic API service. If not set ironic canget the current value from the keystone servicecatalog. If set, the value must start with either http://or https://.

automated_clean = True (Boolean) Enables or disables automated cleaning.Automated cleaning is a configurable set of steps,such as erasing disk drives, that are performed onthe node to ensure it is in a baseline state and readyto be deployed to. This is done after instance deletionas well as during the transition from a "manageable"to "available" state. When enabled, the particularsteps performed to clean a node depend on whichdriver that node is managed by; see the individualdrivers documentation for details. NOTE: Theintroduction of the cleaning operation causesinstance deletion to take significantly longer. In anenvironment where all tenants are trusted (eg,because there is only one tenant), this option couldbe safely disabled.


28

http://https://

check_provision_state_interval = 60 (Integer) Interval between checks of provisiontimeouts, in seconds.

clean_callback_timeout = 1800 (Integer) Timeout (seconds) to wait for a callbackfrom the ramdisk doing the cleaning. If the timeout isreached the node will be put in the "clean failed"provision state. Set to 0 to disable timeout.

configdrive_swift_container = ironic_configdrive_container

(String) Name of the Swift container to store configdrive data. Used when configdrive_use_swift is True.

configdrive_use_swift = False (Boolean) Whether to upload the config drive to Swift.

deploy_callback_timeout = 1800 (Integer) Timeout (seconds) to wait for a callbackfrom a deploy ramdisk. Set to 0 to disable timeout.

force_power_state_during_sync = True (Boolean) During sync_power_state, should thehardware power state be set to the state recorded inthe database (True) or should the database beupdated based on the hardware state (False).

heartbeat_interval = 10 (Integer) Seconds between conductor heart beats.

heartbeat_timeout = 60 (Integer) Maximum time (in seconds) since the lastcheck-in of a conductor. A conductor is consideredinactive when this time has been exceeded.

inspect_timeout = 1800 (Integer) Timeout (seconds) for waiting for nodeinspection. 0 - unlimited.

node_locked_retry_attempts = 3 (Integer) Number of attempts to grab a node lock.

node_locked_retry_interval = 1 (Integer) Seconds to sleep between node lockattempts.

periodic_max_workers = 8 (Integer) Maximum number of worker threads thatcan be started simultaneously by a periodic task.Should be less than RPC thread pool size.

power_state_sync_max_retries = 3 (Integer) During sync_power_state failures, limit thenumber of times Ironic should try syncing thehardware node power state with the node powerstate in DB

send_sensor_data = False (Boolean) Enable sending sensor data message viathe notification bus



29

send_sensor_data_interval = 600 (Integer) Seconds between conductor sendingsensor data message to ceilometer via thenotification bus.

send_sensor_data_types = ALL (List) List of comma separated meter types whichneed to be sent to Ceilometer. The default value,"ALL", is a special value meaning send all the sensordata.

send_sensor_data_wait_timeout = 300 (Integer) The time in seconds to wait for sendsensors data periodic task to be finished beforeallowing periodic call to happen again. Should beless than send_sensor_data_interval value.

send_sensor_data_workers = 4 (Integer) The maximum number of workers that canbe started simultaneously for send data from sensorsperiodic task.

soft_power_off_timeout = 600 (Integer) Timeout (in seconds) of soft reboot and softpower off operation. This value always has to bepositive.

sync_local_state_interval = 180 (Integer) When conductors join or leave the cluster,existing conductors may need to update anypersistent local state as nodes are moved around thecluster. This option controls how often, in seconds,each conductor will check for nodes that it should"take over". Set it to a negative value to disable thecheck entirely.

sync_power_state_interval = 60 (Integer) Interval between syncing the node powerstate to the database, in seconds.

workers_pool_size = 100 (Integer) The size of the workers greenthread pool.Note that 2 threads will be reserved by the conductoritself for handling heart beats and periodic tasks.


Table 2.8. Description of console configuration options


[console]

subprocess_checking_interval = 1 (Integer) Time interval (in seconds) for checking thestatus of console subprocess.


30

subprocess_timeout = 10 (Integer) Time (in seconds) to wait for the consolesubprocess to start.

terminal = shellinaboxd (String) Path to serial console terminal program.Used only by Shell In A Box console.

terminal_cert_dir = None (String) Directory containing the terminal SSL cert(PEM) for serial console access. Used only by ShellIn A Box console.

terminal_pid_dir = None (String) Directory for holding terminal pid files. If notspecified, the temporary directory will be used.


Table 2.9. Description of logging configuration options


[DEFAULT]

pecan_debug = False (Boolean) Enable pecan debug mode. WARNING:this is insecure and should not be used in aproduction environment.

Table 2.10. Description of deploy configuration options


[deploy]

continue_if_disk_secure_erase_fails = False (Boolean) Defines what to do if an ATA secure eraseoperation fails during cleaning in the Ironic PythonAgent. If False, the cleaning operation will fail and thenode will be put in clean failed state. If True, shredwill be invoked and cleaning will continue.

default_boot_option = None (String) Default boot option to use when no bootoption is requested in nodes driver_info. Currentlythe default is "netboot", but it will be changed to"local" in the future. It is recommended to set anexplicit value for this option.


31

erase_devices_metadata_priority = None (Integer) Priority to run in-band clean step that erasesmetadata from devices, via the Ironic Python Agentramdisk. If unset, will use the priority set in theramdisk (defaults to 99 for theGenericHardwareManager). If set to 0, will not runduring cleaning.

erase_devices_priority = None (Integer) Priority to run in-band erase devices via theIronic Python Agent ramdisk. If unset, will use thepriority set in the ramdisk (defaults to 10 for theGenericHardwareManager). If set to 0, will not runduring cleaning.

http_root = /httpboot (String) ironic-conductor nodes HTTP root path.

http_url = None (String) ironic-conductor nodes HTTP server URL.Example: http://192.1.2.3:8080

power_off_after_deploy_failure = True (Boolean) Whether to power off a node after deployfailure. Defaults to True.

shred_final_overwrite_with_zeros = True (Boolean) Whether to write zeros to a nodes blockdevices after writing random data. This will writezeros to the device even whendeploy.shred_random_overwrite_iterations is 0. Thisoption is only used if a device could not be ATASecure Erased. Defaults to True.

shred_random_overwrite_iterations = 1 (Integer) During shred, overwrite all block devices Ntimes with random data. This is only used if a devicecould not be ATA Secure Erased. Defaults to 1.


Table 2.11. Description of DHCP configuration options


[dhcp]

dhcp_provider = neutron (String) DHCP provider to use. "neutron" usesNeutron, and "none" uses a no-op provider.

Table 2.12. Description of disk partitioner configuration options


32

http://192.1.2.3:8080


[disk_partitioner]

check_device_interval = 1 (Integer) After Ironic has completed creating thepartition table, it continues to check for activity on theattached iSCSI device status at this interval prior tocopying the image to the node, in seconds

check_device_max_retries = 20 (Integer) The maximum number of times to checkthat the device is not accessed by another process. Ifthe device is still busy after that, the disk partitioningwill be treated as having failed.

[disk_utils]

bios_boot_partition_size = 1 (Integer) Size of BIOS Boot partition in MiB whenconfiguring GPT partitioned systems for local boot inBIOS.

dd_block_size = 1M (String) Block size to use when writing to the nodesdisk.

efi_system_partition_size = 200 (Integer) Size of EFI system partition in MiB whenconfiguring UEFI systems for local boot.

iscsi_verify_attempts = 3 (Integer) Maximum attempts to verify an iSCSIconnection is active, sleeping 1 second betweenattempts.

Table 2.13. Description of DRAC configuration options


[drac]

query_raid_config_job_status_interval = 120 (Integer) Interval (in seconds) between periodic RAIDjob status checks to determine whether theasynchronous RAID configuration was successfullyfinished or not.

Table 2.14. Description of glance configuration options


[glance]


33

allowed_direct_url_schemes = (List) A list of URL schemes that can be downloadeddirectly via the direct_url. Currently supportedschemes: [file].


auth_strategy = keystone (String) Authentication strategy to use whenconnecting to glance.


cafile = None (String) PEM encoded Certificate Authority to usewhen verifying HTTPs connections.

certfile = None (String) PEM encoded client certificate cert file

glance_api_insecure = False (Boolean) Allow to perform insecure SSL (https)requests to glance.

glance_api_servers = None (List) A list of the glance api servers available toironic. Prefix with https:// for SSL-based glance APIservers. Format is [hostname|IP]:port.

glance_api_version = 2 (Integer) Glance API version to use. Only version 2 issupported.

glance_cafile = None (String) Optional path to a CA certificate bundle to beused to validate the SSL certificate served by glance.It is used when glance_api_insecure is set to False.

glance_host = $my_ip (String) Default glance hostname or IP address.

glance_num_retries = 0 (Integer) Number of retries when downloading animage from glance.

glance_port = 9292 (Port number) Default glance port.

glance_protocol = http (String) Default protocol to use when connecting toglance. Set to https for SSL.


keyfile = None (String) PEM encoded client certificate key file



34

https://

swift_account = None (String) The account that Glance uses tocommunicate with Swift. The format is "AUTH_uuid"."uuid" is the UUID for the account configured in theglance-api.conf. Required for temporary URLs whenGlance backend is Swift. For example:"AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30".Swift temporary URL format:"endpoint_url/api_version/[account/]container/object_id"

swift_api_version = v1 (String) The Swift API version to create a temporaryURL for. Defaults to "v1". Swift temporary URLformat:"endpoint_url/api_version/[account/]container/object_id"

swift_container = glance (String) The Swift container Glance is configured tostore its images in. Defaults to "glance", which is thedefault in glance-api.conf. Swift temporary URLformat:"endpoint_url/api_version/[account/]container/object_id"

swift_endpoint_url = None (String) The "endpoint" (scheme, hostname, optionalport) for the Swift URL of the form"endpoint_url/api_version/[account/]container/object_id". Do not include trailing "/". For example, use"https://swift.example.com". If using RADOSGateway, endpoint may also contain /swift path; if itdoes not, it will be appended. Required for temporaryURLs.

swift_store_multiple_containers_seed = 0 (Integer) This should match a config by the samename in the Glance configuration file. When set to 0,a single-tenant store will only use one container tostore all images. When set to an integer valuebetween 1 and 32, a single-tenant store will usemultiple containers to store images, and this valuewill determine how many containers are created.

swift_temp_url_cache_enabled = False (Boolean) Whether to cache generated Swifttemporary URLs. Setting it to true is only useful whenan image caching proxy is used. Defaults to False.



35

https://swift.example.com

swift_temp_url_duration = 1200 (Integer) The length of time in seconds that thetemporary URL will be valid for. Defaults to 20minutes. If some deploys get a 401 response codewhen trying to download from the temporary URL, tryraising this duration. This value must be greater thanor equal to the value forswift_temp_url_expected_download_start_delay

swift_temp_url_expected_download_start_delay = 0

(Integer) This is the delay (in seconds) from the timeof the deploy request (when the Swift temporary URLis generated) to when the IPA ramdisk starts up andURL is used for the image download. This value isused to check if the Swift temporary URL duration islarge enough to let the image download begin. Also iftemporary URL caching is enabled this will determineif a cached entry will still be valid when the downloadstarts. swift_temp_url_duration value must be greaterthan or equal to this options value. Defaults to 0.

swift_temp_url_key = None (String) The secret token given to Swift to allowtemporary URL downloads. Required for temporaryURLs.

temp_url_endpoint_type = swift (String) Type of endpoint to use for temporary URLs.If the Glance backend is Swift, use "swift"; if it isCEPH with RADOS gateway, use "radosgw".

timeout = None (Integer) Timeout value for http requests


Table 2.15. Description of iBoot Web Power Switch configuration options


[iboot]

max_retry = 3 (Integer) Maximum retries for iBoot operations

reboot_delay = 5 (Integer) Time (in seconds) to sleep between whenrebooting (powering off and on again).

retry_interval = 1 (Integer) Time (in seconds) between retry attemptsfor iBoot operations

Table 2.16. Description of iLO configuration options


36


[ilo]

ca_file = None (String) CA certificate file to validate iLO.

clean_priority_clear_secure_boot_keys = 0 (Integer) Priority for clear_secure_boot_keys cleanstep. This step is not enabled by default. It can beenabled to clear all secure boot keys enrolled withiLO.

clean_priority_erase_devices = None (Integer) DEPRECATED: Priority for erase devicesclean step. If unset, it defaults to 10. If set to 0, thestep will be disabled and will not run during cleaning.This configuration option is duplicated by [deploy]erase_devices_priority, please use that instead.

clean_priority_reset_bios_to_default = 10 (Integer) Priority for reset_bios_to_default clean step.

clean_priority_reset_ilo = 0 (Integer) Priority for reset_ilo clean step.

clean_priority_reset_ilo_credential = 30 (Integer) Priority for reset_ilo_credential clean step.This step requires "ilo_change_password" parameterto be updated in nodess driver_info with the newpassword.

clean_priority_reset_secure_boot_keys_to_default = 20

(Integer) Priority for reset_secure_boot_keys cleanstep. This step will reset the secure boot keys tomanufacturing defaults.

client_port = 443 (Port number) Port to be used for iLO operations

client_timeout = 60 (Integer) Timeout (in seconds) for iLO operations

default_boot_mode = auto (String) Default boot mode to be used in provisioningwhen "boot_mode" capability is not provided in the"properties/capabilities" of the node. The default is"auto" for backward compatibility. When "auto" isspecified, default boot mode will be selected basedon boot mode settings on the system.

power_retry = 6 (Integer) Number of times a power operation needs tobe retried

power_wait = 2 (Integer) Amount of time in seconds to wait inbetween power operations

swift_ilo_container = ironic_ilo_container (String) The Swift iLO container to store data.


37

swift_object_expiry_timeout = 900 (Integer) Amount of time in seconds for Swift objectsto auto-expire.

use_web_server_for_images = False (Boolean) Set this to True to use http web server tohost floppy images and generated boot ISO. Thisrequires http_root and http_url to be configured in the[deploy] section of the config file. If this is set to False,then Ironic will use Swift to host the floppy imagesand generated boot_iso.


Table 2.17. Description of inspector configuration options


[inspector]





enabled = False (Boolean) whether to enable inspection using ironic-inspector. This option does not affect new-styledynamic drivers and the fake_inspector driver.



service_url = None (String) ironic-inspector HTTP endpoint. If this is notset, the service catalog will be used.

status_check_period = 60 (Integer) period (in seconds) to check status of nodeson inspection


Table 2.18. Description of IPMI configuration options


38


[ipmi]

min_command_interval = 5 (Integer) Minimum time, in seconds, between IPMIoperations sent to a server. There is a risk with somehardware that setting this too low may cause theBMC to crash. Recommended setting is 5 seconds.

retry_timeout = 60 (Integer) Maximum time in seconds to retry IPMIoperations. There is a tradeoff when setting thisvalue. Setting this too low may cause older BMCs tocrash and require a hard reset. However, setting toohigh can cause the sync power state periodic task tohang when there are slow or unresponsive BMCs.

Table 2.19. Description of iRMC configuration options


[irmc]

auth_method = basic (String) Authentication method to be used for iRMCoperations

client_timeout = 60 (Integer) Timeout (in seconds) for iRMC operations

port = 443 (Port number) Port to be used for iRMC operations

remote_image_server = None (String) IP of remote image server

remote_image_share_name = share (String) share name of remote_image_server

remote_image_share_root = /remote_image_share_root

(String) Ironic conductor nodes "NFS" or "CIFS" rootpath

remote_image_share_type = CIFS (String) Share type of virtual media

remote_image_user_domain = (String) Domain name of remote_image_user_name

remote_image_user_name = None (String) User name of remote_image_server

remote_image_user_password = None (String) Password of remote_image_user_name

sensor_method = ipmitool (String) Sensor data retrieval method.


39

snmp_community = public (String) SNMP community. Required for versions "v1"and "v2c"

snmp_polling_interval = 10 (Integer) SNMP polling interval in seconds

snmp_port = 161 (Port number) SNMP port

snmp_security = None (String) SNMP security name. Required for version"v3"

snmp_version = v2c (String) SNMP protocol version


Table 2.20. Description of iSCSI configuration options


[iscsi]

portal_port = 3260 (Port number) The port number on which the iSCSIportal listens for incoming connections.

Table 2.21. Description of keystone configuration options


[keystone]

region_name = None (String) The region used for getting endpoints ofOpenStack services.

Table 2.22. Description of metrics configuration options


[metrics]

agent_backend = noop (String) Backend for the agent ramdisk to use formetrics. Default possible backends are "noop" and"statsd".

agent_global_prefix = None (String) Prefix all metric names sent by the agentramdisk with this value. The format of metric namesis [global_prefix.][uuid.][host_name.]prefix.metric_name.


40

agent_prepend_host = False (Boolean) Prepend the hostname to all metric namessent by the agent ramdisk. The format of metricnames is [global_prefix.][uuid.][host_name.]prefix.metric_name.

agent_prepend_host_reverse = True (Boolean) Split the prepended host value by "." andreverse it for metrics sent by the agent ramdisk (tobetter match the reverse hierarchical form of domainnames).

agent_prepend_uuid = False (Boolean) Prepend the nodes Ironic uuid to all metricnames sent by the agent ramdisk. The format ofmetric names is [global_prefix.][uuid.][host_name.]prefix.metric_name.

backend = noop (String) Backend to use for the metrics system.

global_prefix = None (String) Prefix all metric names with this value. Bydefault, there is no global prefix. The format of metricnames is [global_prefix.][host_name.]prefix.metric_name.

prepend_host = False (Boolean) Prepend the hostname to all metric names.The format of metric names is [global_prefix.][host_name.]prefix.metric_name.

prepend_host_reverse = True (Boolean) Split the prepended host value by "." andreverse it (to better match the reverse hierarchicalform of domain names).


Table 2.23. Description of metrics configuration options specific to statsd backend


[metrics_statsd]

agent_statsd_host = localhost (String) Host for the agent ramdisk to use with thestatsd backend. This must be accessible fromnetworks the agent is booted on.

agent_statsd_port = 8125 (Port number) Port for the agent ramdisk to use withthe statsd backend.

statsd_host = localhost (String) Host for use with the statsd backend.

statsd_port = 8125 (Port number) Port to use with the statsd backend.


41

Table 2.24. Description of neutron configuration options


[neutron]


auth_strategy = keystone (String) Authentication strategy to use whenconnecting to neutron. Running neutron in noauthmode (related to but not affected by this setting) isinsecure and should only be used for testing.




cleaning_network = None (String) Neutron network UUID or name for theramdisk to be booted into for cleaning nodes.Required for "neutron" network interface. It is alsorequired if cleaning nodes when using "flat" networkinterface or "neutron" DHCP provider. If a name isprovided, it must be unique among all networks orcleaning will fail.

cleaning_network_security_groups = (List) List of Neutron Security Group UUIDs to beapplied during cleaning of the nodes. Optional for the"neutron" network interface and not used for the "flat"or "noop" network interfaces. If not specified, defaultsecurity group is used.



port_setup_delay = 0 (Integer) Delay value to wait for Neutron agents tosetup sufficient DHCP configuration for port.

provisioning_network = None (String) Neutron network UUID or name for theramdisk to be booted into for provisioning nodes.Required for "neutron" network interface. If a name isprovided, it must be unique among all networks ordeploy will fail.


42

provisioning_network_security_groups = (List) List of Neutron Security Group UUIDs to beapplied during provisioning of the nodes. Optional forthe "neutron" network interface and not used for the"flat" or "noop" network interfaces. If not specified,default security group is used.

retries = 3 (Integer) Client retries in the case of a failed request.


url = None (String) URL for connecting to neutron. Default valuetranslates to 'http://$my_ip:9696' when auth_strategyis 'noauth', and to discovery from Keystone catalogwhen auth_strategy is 'keystone'.

url_timeout = 30 (Integer) Timeout value for connecting to neutron inseconds.


Table 2.25. Description of OneView configuration options


[oneview]

allow_insecure_connections = False (Boolean) Option to allow insecure connection withOneView.

enable_periodic_tasks = True (Boolean) Whether to enable the periodic tasks forOneView driver be aware when OneView hardwareresources are taken and released by Ironic orOneView users and proactively manage nodes inclean fail state according to Dynamic Allocationmodel of hardware resources allocation in OneView.

manager_url = None (String) URL where OneView is available.

max_polling_attempts = 12 (Integer) Max connection retries to check changes onOneView.

password = None (String) OneView password to be used.

periodic_check_interval = 300 (Integer) Period (in seconds) for periodic tasks to beexecuted when enable_periodic_tasks=True.

tls_cacert_file = None (String) Path to CA certificate.


43

http://:9696

username = None (String) OneView username to be used.


Table 2.26. Description of PXE configuration options


[pxe]

default_ephemeral_format = ext4 (String) Default file system format for ephemeralpartition, if one is created.

image_cache_size = 20480 (Integer) Maximum size (in MiB) of cache for masterimages, including those in use.

image_cache_ttl = 10080 (Integer) Maximum TTL (in minutes) for old masterimages in cache.

images_path = /var/lib/ironic/images/ (String) On the ironic-conductor node, directorywhere images are stored on disk.

instance_master_path = /var/lib/ironic/master_images

(String) On the ironic-conductor node, directorywhere master instance images are stored on disk.Setting to disables image caching.

ip_version = 4 (String) The IP version that will be used for PXEbooting. Defaults to 4. EXPERIMENTAL

ipxe_boot_script = $pybasedir/drivers/modules/boot.ipxe

(String) On ironic-conductor node, the path to themain iPXE script file.

ipxe_enabled = False (Boolean) Enable iPXE boot.

ipxe_timeout = 0 (Integer) Timeout value (in seconds) for downloadingan image via iPXE. Defaults to 0 (no timeout)

ipxe_use_swift = False (Boolean) Download deploy images directly from swiftusing temporary URLs. If set to false (default),images are downloaded to the ironic-conductor nodeand served over its local HTTP server. Applicableonly when 'ipxe_enabled' option is set to true.

pxe_append_params = nofb nomodeset vga=normal

(String) Additional append parameters for baremetalPXE boot.

pxe_bootfile_name = pxelinux.0 (String) Bootfile DHCP parameter.


44

pxe_bootfile_name_by_arch = {} (Dict) Bootfile DHCP parameter per nodearchitecture. For example: aarch64:grubaa64.efi

pxe_config_template = $pybasedir/drivers/modules/pxe_config.template

(String) On ironic-conductor node, template file forPXE configuration.

pxe_config_template_by_arch = {} (Dict) On ironic-conductor node, template file for PXEconfiguration per node architecture. For example:aarch64:/opt/share/grubaa64_pxe_config.template

tftp_master_path = /tftpboot/master_images (String) On ironic-conductor node, directory wheremaster TFTP images are stored on disk. Setting to disables image caching.

tftp_root = /tftpboot (String) ironic-conductor nodes TFTP root path. Theironic-conductor must have read/write access to thispath.

tftp_server = $my_ip (String) IP address of ironic-conductor nodes TFTPserver.

uefi_pxe_bootfile_name = bootx64.efi (String) Bootfile DHCP parameter for UEFI bootmode.

uefi_pxe_config_template = $pybasedir/drivers/modules/pxe_grub_config.template

(String) On ironic-conductor node, template file forPXE configuration for UEFI boot loader.


Table 2.27. Description of Redis configuration options


[matchmaker_redis]

check_timeout = 20000 (Integer) Time in ms to wait before the transaction iskilled.

host = 127.0.0.1 (String) DEPRECATED: Host to locate redis.Replaced by [DEFAULT]/transport_url

password = (String) DEPRECATED: Password for Redis server(optional). Replaced by [DEFAULT]/transport_url

port = 6379 (Port number) DEPRECATED: Use this port toconnect to redis host. Replaced by[DEFAULT]/transport_url


45

sentinel_group_name = oslo-messaging-zeromq

(String) Redis replica set name.

sentinel_hosts = (List) DEPRECATED: List of Redis Sentinel hosts(fault tolerance mode), e.g., [host:port, host1:port ]Replaced by [DEFAULT]/transport_url

socket_timeout = 10000 (Integer) Timeout in ms on blocking socketoperations.

wait_timeout = 2000 (Integer) Time in ms to wait between connectionattempts.


Table 2.28. Description of SeaMicro configuration options


[seamicro]

action_timeout = 10 (Integer) Seconds to wait for power action to becompleted

max_retry = 3 (Integer) Maximum retries for SeaMicro operations

Table 2.29. Description of service catalog configuration options


[service_catalog]


auth_type = None (Unknown)

Red Hat OpenStack Platform 11 Configuration Reference · Red Hat OpenStack Platform 11...

Documents

Transcript of Red Hat OpenStack Platform 11 Configuration Reference · Red Hat OpenStack Platform 11...